I have three machines on my test bed: A, B and C. Snort runs on A.
B and C both have a VM running as well.
I am unable to understand why Snort is not seeing the traffic that is
flowing between machine B/VM on B/machine C/VM on C and the internet.
Snort.conf clearly says:
# Setup the network addresses you are protecting
ipvar HOME_NET [172.16.x0.0/24]
# Set up the external network addresses. Leave as "any" in most situations
ipvar EXTERNAL_NET any
I tried doing packet captures in promiscuous mode on A. Even Wireshark
doesn't see that traffic from those machines to the internet. So it
doesn't seem to be any problem with Snort but with my settings.
What am I doing wrong?